Data Retention and Deletion Policies
The law says you should not keep personal data for longer than you need it. A retention policy sets out, for each type of data, how long you keep it and when you delete it.
This is general guidance to help you build a sensible, defensible policy.
Why Retention Matters
- Less stored data means less to secure and less to lose.
- It supports the storage limitation principle.
- It makes responding to rights requests easier.
- It reduces clutter and improves data quality.
Setting Sensible Periods
Base retention on genuine need and any legal requirements — tax records, for example, must be kept for a set number of years. Where there is no fixed rule, choose a period you can justify and review it.
Automating Deletion
- List each data type and its retention period.
- Decide whether to delete or anonymise at the end.
- Schedule automated clear-downs where possible.
- Keep a log so you can show the policy is followed.
| Data type | Example period |
|---|---|
| Unsuccessful enquiry | 6–12 months |
| Customer order records | As required for tax/accounting |
| Marketing list (no engagement) | Review periodically |
| CCTV footage | Often around 30 days |
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.